Definition
A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. The VPN uses "virtual" connections routed through the Internet from the business's private network to the remote site or employee.
Example
I am having a pharmaceutical company. When my medical representatives are on field, visiting doctors and taking orders from medicals, I want them to keep their updates on server. They all have been given hand held devices to do this job.
The problem is as they are on field and not in my network, they will not be able to access the server, but still I want to grant them access without bringing their devices into domain. How is it possible to access server from a system which is not in domain?
Yes. It is possible through Virtual Private Network (VPN).
Comments
VPN is opposite of NAT. NAT allows systems in LAN to access Internet whereas VPN allows a system on Internet to access the LAN.- VPN dial-up is configured on laptop. The dial-up is configured using server IP running RRAS.
- When VPN starts, it asks username and password. After authentication if the user have access rights then the laptop user receives IP from DC DHCP (If DHCP service is installed else an IP from a range we specify at the time of configuring the VPN Service).
- A VPN tunnel (secured by different protocols) is created between laptop user and DC and access is given to shared files and folders.
Practical
Let's consider the following scenario.
Select Machine
Goto Settings
Network
Add 2 More Adapters and Refresh Mac Address of each.
Start the Machine
Go to Network & Sharing Center
Right Click & Disable Local Area Connection 3
Right Click on Local Area Connection 2
Properties
Uncheck Internet Protocol Version 6 (TCP/IPv6)
Select Internet Protocol Version 4 (TCP/IPv4)
Proprties & Configure as shown in the image.
Select VPN -> Next
Now it asks for the NIC connected to Internet. (In our case 192.168.1.10)
Next select the LAN NIC. This is the NIC to which we are allowing access to the remote client. (i.e. 10.0.0.1)
As we have not installed DHCP, hence select From a specified range of addresses -> Next -> Click New and provide an IP range.
Keep "No, use Routing and Remote Access to authenticate connection requests" selected -> Next
-> Finish -> OK
With this we have configured the VPN service. Now on client, you have to just create a dialer.
Restart the Server Computer (This step is important for success of the practical.)
Ping 192.168.1.10 -t and check that the client gets reply from server.
Open Network and Sharing Center -> Set up a new connection or network
Connect to a work place -> Next
Use my Internet connection (VPN)
Select I'll setup my Internet connection later -> Next
Now you have to provide the IP of the server NIC connected to Internet i.e. 192.168.1.10 and a name to the connection -> Next
Here enter the credentials of the user we have made in the beginning of this practical and the dialer is ready.
 |
| VPN Example Diagram |
We have a server computer with two NICs.
- NIC with IP address 192.168.1.10 is connected to the Internet.
- NIC with IP address 10.0.0.1 is connected to the LAN switch.
There is a remote client (our Medical/Sales representative) with IP 192.168.1.15 who wants to access our local network to perform some updates or to access/share some data. VPN will help us here. So let's start with the practical.
Note: We are doing this practical using Oracle VM VirtualBox.
Step 1 : Add three NICs to the Server machine.
(Why 3 ? we will tell it very soon. Go on performing it.)
Goto Settings
Network
Add 2 More Adapters and Refresh Mac Address of each.
Start the Machine
 |
| Adding NIC to a machine in Oracle VM VirtualBox |
Step 2 : Configure the IP Address settings of each NIC.
Manage Network Connections
Right Click & Disable Local Area Connection 3
Right Click on Local Area Connection 2
Properties
Uncheck Internet Protocol Version 6 (TCP/IPv6)
Select Internet Protocol Version 4 (TCP/IPv4)
Proprties & Configure as shown in the image.
 |
| IP Settings for NIC connected to LAN |
Right Click on Local Area Connection 1
Properties
Uncheck Internet Protocol Version 6 (TCP/IPv6)
Select Internet Protocol Version 4 (TCP/IPv4)
Proprties & Configure as shown in the image.
 |
| IP Settings for NIC connected to Internet |
Step 3 : Give user Dial-in Access
First create a user in AD for the remote client i.e. the Medical/Sales representative. Then
Right Click on the user
Properties
Dial In
Select Allow access -> OK
Step 4 : Install Role Netwrok Policy and Access Services
Goto Server Manager and Install Role Netwrok Policy and Access Services -> Next -> Next
Select Routing and Remote Access Services (2 more options will get selected automatically)
-> Next -> Install -> Close
Step 5 : Configuring Virtual Private Network (VPN) Service
Start -> Administrative Tools -> Routing and Remote Access
Right Click on SERVER(local) -> Configure and Enable Routing and Remote Access -> Next
Select Remote access (dial-up or VPN) -> Next
Select VPN -> Next
Now it asks for the NIC connected to Internet. (In our case 192.168.1.10)
Next select the LAN NIC. This is the NIC to which we are allowing access to the remote client. (i.e. 10.0.0.1)
As we have not installed DHCP, hence select From a specified range of addresses -> Next -> Click New and provide an IP range.
Keep "No, use Routing and Remote Access to authenticate connection requests" selected -> Next
-> Finish -> OK
With this we have configured the VPN service. Now on client, you have to just create a dialer.
Step 6 : Configuring Client
The IP configuration of client system is shown in the Image.
Restart the Server Computer (This step is important for success of the practical.)
Ping 192.168.1.10 -t and check that the client gets reply from server.
Step 7 : Create VPN Dialer
Now continuing on client,Open Network and Sharing Center -> Set up a new connection or network
Connect to a work place -> Next
Use my Internet connection (VPN)
Select I'll setup my Internet connection later -> Next
Now you have to provide the IP of the server NIC connected to Internet i.e. 192.168.1.10 and a name to the connection -> Next
Here enter the credentials of the user we have made in the beginning of this practical and the dialer is ready.
Step 8 : Dial the VPN connection & Access the network
To start VPn connection, Double Click on Dialer and provide credentials of the user with Dial-in access -> Connect
And you are connected.
To access the Server, Start -> Run -> \\10.0.0.1 -> Ok and you can access the resources and do your work.
No comments:
Post a Comment
Your comments are very much valuable for us. Thanks for giving your precious time.